Slide 1

Class 17: Structural Induction
cs2102: Discrete Mathematics | F16
uvacs2102.github.io
David Evans, University of Virginia

Slide 2

Plan
- Recursive Data Types: Lists Recap
- List Operations
- Proving Properties about All Lists
- Structural Induction
- Trees

Slide 3

Recap: Lists
null: prepend: × ⟶ first: List ⟶ rest: ⟶ empty: ⟶
Definition. A list is an ordered sequence of objects. A list is either the empty list (), or the result of prepend(, ) for some object and list .
List Operations: Constructors, Observers

Slide 4

Defining List Operations
null: prepend: × ⟶ first: List ⟶ rest: ⟶ empty: ⟶
first prepend(, ) ⟶
rest prepend(, ) ⟶
empty prepend(, ) ⟶
empty null ⟶

Slide 5

Length of a List

Slide 6

Length of a List
Definition. The length of a list, , is:
0 if is null
1 + length otherwise ( = prepend , )

Slide 7

Prove: for all lists, , list_length() returns the length of the list .
Definition. The length of a list, , is:
0 if is null
1 + length otherwise ( = prepend , )

Slide 10

Concatenation
Definition. The concatenation of two lists, = U , V , … , X and = U , V , … , Y is U , V , … , X , U , V , … , Y .
How can we define this constructively?
Also: poll on “slack breaks”. Any questions about PS6, definitions so far, recursive data, etc.?

Slide 13

Concatenation
Definition. The concatenation ( + ) of two lists, and , is defined as:
Base case: = (empty list)
+ =
Constructor case: = prepend(, ) for some list , object
+ = prepend(, + )

Slide 14

Length of Concatenation
Prove. For any two lists, and , length( + ) = length() + length().

Slide 15

Prove. For any two lists, and , length( + ) = length() + length().
Base case: = (empty list)
+ =
Constructor case: = prepend(, )
+ = prepend(, + )
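The proof that this slide sets up, carried through as an added worked example (not part of the original slides). The notation is assumed here because the slide's own symbols did not survive extraction: p and q are lists, x is an object, p' is the rest of p, and length and + are the operations defined on the preceding slides.

```latex
\textbf{Claim.} For all lists $p, q$: $\mathrm{length}(p + q) = \mathrm{length}(p) + \mathrm{length}(q)$.

\textbf{Proof} by structural induction on $p$, with
$P(p)$: for every list $q$, $\mathrm{length}(p + q) = \mathrm{length}(p) + \mathrm{length}(q)$.

\emph{Base case} $p = \mathrm{null}$:
\begin{align*}
\mathrm{length}(\mathrm{null} + q) &= \mathrm{length}(q) && \text{(base case of $+$)} \\
  &= 0 + \mathrm{length}(q) \\
  &= \mathrm{length}(\mathrm{null}) + \mathrm{length}(q) && \text{(definition of length)}
\end{align*}

\emph{Constructor case} $p = \mathrm{prepend}(x, p')$, assuming $P(p')$:
\begin{align*}
\mathrm{length}(\mathrm{prepend}(x, p') + q) &= \mathrm{length}(\mathrm{prepend}(x, p' + q)) && \text{(constructor case of $+$)} \\
  &= 1 + \mathrm{length}(p' + q) && \text{(definition of length)} \\
  &= 1 + \mathrm{length}(p') + \mathrm{length}(q) && \text{(induction hypothesis $P(p')$)} \\
  &= \mathrm{length}(\mathrm{prepend}(x, p')) + \mathrm{length}(q) && \text{(definition of length)}
\end{align*}

Both cases hold, so by structural induction $P(p)$ holds for every list $p$. $\square$
```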

Slide 16

Structural Induction
To prove for all objects of a data type:
1. Prove for all base objects .
2. Prove for all data type objects : ⇒ for all constructable from .

Slide 18

Structural Induction (Data Types) | Invariant Principle (State Machines) | (Regular) Induction (Natural Numbers)
To prove: for all data type objects | for all reachable states | for all natural numbers
prove a base case: base object | | 0
prove an inductive step: ⇒ for all constructable from | ⇒ for all reachable from | ⇒ ( + 1)
quod erat demonstrandum.

Slide 19

Trick-or-Treat Protocols

Slide 21

“Trick or Treat”
Tricker initiates the protocol by making a threat and demanding tribute.
Victim either pays tribute (usually in the form of a sugary snack) or risks being tricked.
Tricker must convince Victim that she poses a credible threat: prove she is a qualified tricker.

Slide 22

Trick-or-Treat
Trickers? Victim
Any problems with this?

Slide 23

Proof without Disclosure
How can the tricker prove their trickability without allowing the victim to then impersonate a tricker?

Slide 24

Challenge-Response Protocol
Verifier: picks random .
Prover: proves knowledge of by revealing (, ).
Verifier: convinced prover knows , but learns nothing useful about .
Need a one-way function: hard to invert, but easy to compute.

Slide 25

Example: RSA
E_e(M) = M^e mod n
D_d(C) = C^d mod n
Correctness property: E_e(D_d(M)) = M

Slide 27

Trick-or-Treat
Trickers? Victim
How does victim know e and n?
Verify: n = nmod =

Slide 28

“Elsa #253224”, = 3482..., = 1234..., signed by Tricker’s Buroo
Verify: n = nmod =
Verify Tricker’s Buroo signature on certificate

Slide 29

“virginia.edi”, = 3482..., = 1234..., signed by Certificate Authority
Verify and Decrypt: p n () =
Verify signature on certificate
Server
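The challenge-response exchange and the certificate check from the preceding slides, as an added Python example that is not part of the lecture materials. The function names, the sha256-based certificate digest, and the toy key parameters (including the Buroo's signing key) are assumptions constructed for this illustration; the RSA here is unpadded textbook RSA with tiny moduli, which shows the protocol logic but is not usable as a real scheme.

```python
import hashlib
import secrets

def rsa_keygen(p, q, e):
    """Textbook RSA from two primes (toy sizes for illustration, not for real use)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), pow(e, -1, phi)           # public (e, n); private d with e*d = 1 (mod phi)

def E(pub, m):                                # E_e(M) = M^e mod n, as on the RSA slide
    e, n = pub
    return pow(m, e, n)

def D(d, n, c):                               # D_d(C) = C^d mod n
    return pow(c, d, n)

def cert_digest(name, pub, n_authority):
    """Hash the certificate body, reduced mod the authority's modulus (toy stand-in for padding)."""
    h = hashlib.sha256(f"{name}|{pub[0]}|{pub[1]}".encode()).digest()
    return int.from_bytes(h, "big") % n_authority

def issue_cert(name, pub, authority_pub, authority_d):
    """Tricker's Buroo binds a name to (e, n) by signing the digest with its private exponent."""
    n_a = authority_pub[1]
    return {"name": name, "pub": pub, "sig": D(authority_d, n_a, cert_digest(name, pub, n_a))}

def verify_cert(cert, authority_pub):
    """Victim's first check: does the Buroo's signature really cover this name and this key?"""
    return E(authority_pub, cert["sig"]) == cert_digest(cert["name"], cert["pub"], authority_pub[1])

def make_challenge(n, rng=secrets.randbelow):
    return 2 + rng(n - 2)                     # fresh random r in [2, n-1], never reused

def prove(d, n, r):
    """Prover's one message, r^d mod n: only the holder of d can compute it, and one (r, r^d) pair reveals nothing useful about d."""
    return D(d, n, r)

def verify_response(pub, r, response):
    return E(pub, response) == r              # response^e mod n == r by RSA correctness

def run_protocol(cert, authority_pub, prover_d, r=None):
    """Verifier side end to end: certificate check, then challenge and response check."""
    if not verify_cert(cert, authority_pub):
        return False                          # unknown or tampered (e, n): refuse to continue
    n = cert["pub"][1]
    r = make_challenge(n) if r is None else r
    return verify_response(cert["pub"], r, prove(prover_d, n, r))
# Constructed toy keys: Elsa's (p=61, q=53, e=17, so d=2753) and the Buroo's (65521, 65537, e=11).
ELSA_PUB, ELSA_D = rsa_keygen(61, 53, 17)
BUROO_PUB, BUROO_D = rsa_keygen(65521, 65537, 11)
ELSA_CERT = issue_cert("Elsa #253224", ELSA_PUB, BUROO_PUB, BUROO_D)
```

A victim who copies Elsa's certificate but not her d fails the response check, and a certificate whose signature has been altered fails before any challenge is sent.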

Slide 31

Binary Trees
A binary tree is either:
- null or
- node: (Tree, Object, Tree)

Slide 33

Tree Operations
A binary tree is either:
- null or
- node: (Tree, Object, Tree)
null: node: × × → label: → left: → right: → empty: →

Slide 34

Structural Induction
To prove for all objects of a data type:
1. Prove for all base objects .
2. Prove for all data type objects : ⇒ for all constructable from .
Does this work for trees?

Slide 35

Structural Induction
To prove for all objects of a data type:
1. Prove for all base objects .
2. Prove for all data type objects : ⇒ for all constructable from .
Tree Constructors: null: node: × × →

Slide 36

Binary Structural Induction
To prove for all objects of a data type:
1. Prove for all base objects .
2. Prove for all data type objects U , V : U ∧ V ⇒ for all constructable from U and V.

Slide 37

Number of Labels
Prove: The number of labels in a binary tree with nodes is .
null: node: × × →

Slide 38

Charge
Enjoy Halloween! Don’t be victimized by any unsubstantiated threats!
Problem Set 7 due Friday